...

Service description

The purpose of eduroam (education roaming) is to provide secure, worldwide roaming access service for the international research and education community.

...

GÉANT operates the confederation-level service for members of the European eduroam Confederation, which is formed of autonomous roaming services that agree to a set of defined organisational and technical requirements by signing and following the eduroam policy declaration, which is based on the eduroam service definition. The confederation's goal is to provide a secure, consistent and uniform network access service to its users.

Users

eduroam (first-level) users are National Roaming Operators, which are responsible for operating the eduroam service at national level for their country. An up-to-date list of eduroam users is available at the eduroam monitor site.

...

The European eduroam service is built hierarchically. At the top level sits the confederation-level service, which provides the confederation infrastructure required to grant network access to all participating members of the eduroam service, together with a set of supporting services. This confederation service is built upon the national roaming services, operated by the national roaming operators (NROs – in most cases, NRENs). National roaming services make use of other entities, for example, campuses and regional facilities. The eduroam service delivery model is presented in the following picture.

Figure: eduroam service delivery model


The European service is governed by the eduroam Steering Group (SG), while day-to-day operations are carried out by the eduroam Operations Team (OT).

...

Technology infrastructure

The confederation infrastructure relies on a distributed set of AAA servers. The current configuration uses RADIUS as the AAA protocol. Various transport protocols can carry RADIUS payloads; as of May 2012, the following protocols exist: RADIUS/UDP, RADIUS/TCP, RADIUS/DTLS and RADIUS/TLS. eduroam supports transport over RADIUS/UDP and RADIUS/TLS, and recommends the use of RADIUS/TLS. Routing of RADIUS messages, independently of the transport used, is implemented in two ways: a baseline routing model, based on a hierarchy of RADIUS servers, and a dynamic-routing model, based on DNS service discovery. The dynamic-routing model is only supported over RADIUS/TLS.

European Top-level RADIUS Servers (ETLRS) for the European Confederation are operated by SURFnet (Netherlands) and DeIC (Denmark). Top-level RADIUS Servers are deployed using Radiator software.

Each server has a list of connected federation top-level domains (.nl, .dk, .hr, .de etc.) serving the appropriate NRENs. The servers also maintain exception rules for domains whose federation membership is not immediately identifiable in the realm (typically gTLD realms such as '.edu', '.eu', '.net', etc.). The servers accept requests for the federation domains they are responsible for, forward them to the associated RADIUS server for that federation, and transport the response (i.e. the result of the authentication request) back. Requests for federation domains that the servers are not responsible for are forwarded to the proper federation TLRS.

A complete explanation of the technology infrastructure is provided in the eduroam Service Definition.
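The realm-based forwarding decision described above can be sketched as follows. This is an added illustration, not code from the eduroam servers or from Radiator; the federation table, exception rules, server names and the reject-on-unknown policy are constructed assumptions.

```python
from typing import Optional

# All names and table contents below are constructed for illustration.
LOCAL_FEDERATIONS = {"nl": "flrs-nl", "dk": "flrs-dk", "hr": "flrs-hr"}  # served here
PEER_FEDERATIONS = {"de"}  # served by the other top-level server
PEER_TLRS = "peer-tlrs"
# Exception rules: realm suffix -> federation, for realms whose TLD
# does not identify the federation.
EXCEPTIONS = {"example.edu": "nl", "campus.example.net": "hr"}


def extract_realm(user_name: str) -> Optional[str]:
    """Return the lower-cased realm of a User-Name, or None if malformed."""
    _, sep, realm = user_name.rpartition("@")
    if not sep:
        return None
    realm = realm.strip().lower()
    labels = realm.split(".")
    if len(labels) < 2:
        return None
    for label in labels:
        if not label or not label.isascii() or not label.replace("-", "").isalnum():
            return None
    return realm


def federation_for(realm: str) -> str:
    """Longest matching exception suffix wins; otherwise use the TLD."""
    labels = realm.split(".")
    for i in range(len(labels) - 1):
        suffix = ".".join(labels[i:])
        if suffix in EXCEPTIONS:
            return EXCEPTIONS[suffix]
    return labels[-1]


def route(user_name: str) -> str:
    """Decide where a request goes: a federation server, the peer, or reject."""
    realm = extract_realm(user_name)
    if realm is None:
        return "reject"
    federation = federation_for(realm)
    if federation in LOCAL_FEDERATIONS:
        return "forward:" + LOCAL_FEDERATIONS[federation]
    if federation in PEER_FEDERATIONS:
        return "forward:" + PEER_TLRS
    return "reject"  # assumption: unknown federations are refused
```

Normalising the realm and refusing malformed or unmatched realms before any forwarding keeps a top-level server from relaying requests it has no rule for.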

Supporting infrastructure

Monitoring, Diagnostics and Metering

...

  • to test the functionality of the FLRSs, TLRSs and the whole confederation infrastructure.
  • to collect information about the authentication traffic from the FLRSs.

Information is provided via the monitoring website that is operated by SRCE (Croatia). The monitoring website is an in-house development for the GÉANT project, developed and maintained by SRCE. Source code is available at ?

...

eduroam Website

The eduroam website is run and maintained by the OT. It is the central information point for eduroam users, at the same time providing information and links for all user groups (see Section 3, Users). It is built using the WordPress CMS. The website is run and maintained by ?? . The content is edited by the PR team with the support of subject matter experts from the OT. It 

The eduroam wiki is 

eduroam CAT

The eduroam Configuration Assistant Tool (CAT) has been developed to help organisations offering their users eduroam access. The tool builds customised installers for a range of popular PC and smartphone platforms and enhances the security for the end user.
The tool ensures that users are protected against rogue Wi-Fi hotspots accessing usernames and passwords.

...